Malicious programs are a type of special programs which sneak into the computer system of a user without the user's awareness and authorization and attack the system of the user.
A malicious program may comprise a virus, a backdoor program, a Trojan program, a macro virus, a master boot record (MBR) virus, a script virus, etc. Before finding and killing a malicious virus, a malicious program will first be identified; taking finding and killing a virus as an example, the finding and killing is mainly done in the prior art by way of a character string signature and a simple manual summarization, the found and killed viruses are all known viruses, and it is difficult to find and kill a new virus.
The inventors have found in the course of studying the prior art that, in the prior art a heuristic kill-all of artificial rules and a character string signature are substantially adopted, such a way of identifying a malicious program heavily relies on an virus analyst, it needs the analyst to perform a manual analysis for already existing samples and find out a corresponding feature, therefore a large number of experienced persons are needed so as to resolve problems, and because of the technical complexity, the result of manual processing will lead to a low efficiency; in the prior art only a known problem can be processed, while it is impossible to prevent a problem that might happen, therefore there exists a certain hysteresis; since the prior art performs a finding and killing based on a simple feature or rule, an avoidance of being killed is easily achieved by a virus maker.